Saved Resources and Higher-Value Service: The Benefits of the Cloud

As with any other major change in the higher education space, especially when that change is IT-related, cloud-hosting for critical institutional services has been analyzed and re-analyzed by leaders across the postsecondary space. Though higher education leaders should not see the cloud as a panacea, there are great opportunities for higher education institutions to take advantage of its benefits to improve services and reduce costs. In this interview, cloud computing expert Bernard Golden shares his thoughts on the advantages institutions can gain by moving administrative functions to the cloud and sheds some light on some of the most common problems institutions experience before and after making the transition.

The EvoLLLution (Evo): How careful must leaders be about seeing the cloud as a panacea?

Bernard Golden (BG): Like any new solution or new innovative development, leaders should be careful and cautious about the cloud. They shouldn’t assume that it will solve every problem under the sun.

Most organizations, however, have approached cloud computing too cautiously and too suspiciously, raising a host of issues and concerns. It’s important to recognize that leaders must address these common issues—security and privacy, for example—but the fact that those are issues leaders must be aware of doesn’t mean that the innovation of cloud computing should be rejected.

Leaders must be careful, but not overly so.

Evo: What responsibility do vendors have in mitigating the impact of some of these common misconceptions or the tendency to be over-cautious?

BG: When it comes to both security and compliance, it’s a shared responsibility between the user and the provider. The provider is responsible for the security and compliance of specific areas as stipulated in the contract, as is the user.

For example, if a user has a cloud-based service that runs in the provider’s data center, the provider is responsible for the physical security of that facility. The user cannot be responsible for making sure that nobody inappropriate accesses the facility or has access to the servers. However, making sure that the database software on which the user runs their applications, which they have installed, is secure against SQL injection attacks is the user’s responsibility. There’s no way the provider could be responsible for that and, in fact, the user wouldn’t want them to be, because you don’t want them influencing that code.

It’s very important for leaders to understand the shared responsibility model, and to understand where the trust boundary lies. In other words, where is the line where the user needs to trust the provider to do their job? Users need to decide the most acceptable way to evaluate what goes on over on the provider’s side of the trust boundary for their organization.

Evo: It’s interesting to consider the shared responsibility environment where both the vendor and organization have a unique but critical role in keeping things running.

BG: It’s very important to understand this level of shared responsibility because that plays into the service level agreements (SLAs) that users and providers must sign. Users usually demand to have what we call “five nines” — or 99.999% uptime — for their systems. Typically, though, the factors that have the greatest negative impact on availability actually reside at the user level — at the application layer — not at the infrastructure layer. This is to say, most of the time, downtime issues are the responsibility of the user, not the vendor.

It’s important to understand that and to understand what an SLA really provides, and what organizations can expect from it. Part of it is understanding where the shared responsibility areas lie.

Evo: What are some of the most significant and realistic advantages that an organization can expect to gain when they move their major administrative functions to the cloud?

BG: There are a couple of major advantages to moving central administrative functions to the cloud, specifically in the realm of higher education. Cloud-hosted services are well suited for the most common use patterns of higher education institutions, which are very difficult for an IT organization within the higher education institution to handle.

Class registration, something every college needs to do, provides a great example. There are significant spikes in registration twice a year, and then the rest of the year registration numbers are, for the most part, low and steady. The challenge for an IT organization, then, is that they need to have enough resources on hand to manage the bi-annual spikes that may be over 100 times the typical usage compared to the rest of the year. It’s difficult to handle these kinds of usage spikes. However, using an external provider for those kinds of central administrative systems places the burden for having, managing and planning the capacity squarely on the service provider. That takes a major stress away from the IT organization.

Working with a service provider also takes out of the equation any concern that the internal IT organization doesn’t have the resources available to provide their customers and stakeholders with the level of service they expect, from registration to other fundamental services. On the flip side, it removes the pressure on internal IT organizations to increase their capacity and maintain a higher-than-necessary capacity throughout the year on services that don’t require it, siphoning critical resources from other areas. The reality for most higher education IT organizations is that they are not that well funded or well staffed, creating significant challenges for them.

So, the first piece is that moving major administrative systems to the cloud enables them to get better matching of resources, which is very important.

The second piece is maybe not as immediately evident or easily measurable, but also important. Moving major administrative services to the cloud enables the IT organization to focus on higher value activities. By offloading all important but relatively lower value-add computing responsibilities, the IT organization is enabled to really serve their customers—their professors, students and staff—with higher value efforts.

Now, let me follow that by saying that this doesn’t seem to have had much impact on the way universities operate. For example, there is no value in running your own email system, yet many universities and colleges still run their own email. Every one of them should be offloading email service to Microsoft or Google because those companies are experts in that, they can do it really effectively and cheaply, and that enables those IT organizations to focus on better supporting their constituents.

Evo: Can organizations replicate the level of service and convenience available on the cloud through on-premises hosting?

BG: Generally, for these kinds of standard-package-type functionalities, external organizations can probably do a better job than internal teams.

Service providers have the bandwidth to make sure everything is cached properly, they have 24/7, first-rate talent managing the systems. They can dedicate the resources necessary to really run these systems properly and they will never be in a situation where they have to manage storage or security ineffectively because they don’t have the resources to make critical upgrades. Reputable service providers don’t make the same mistakes or face the same challenges as internal IT organizations; they make the investments that need to be made to maintain and improve the service.

For administrative applications, an external provider is likely to do a better job.

Evo: As that level of IT expertise starts to shift to external service providers, how must the role of internal IT organizations shift?

BG: Internal IT organizations need to up-level their capabilities to manage this shift in responsibilities. They aren’t going to be hiring people whose job is to manage backups or other base-level tasks like that. They have the opportunity and responsibility to provide higher value.

Additionally, many IT personnel typically prefer to do those higher-value tasks. They would rather not spend their time doing mundane work as “tape jockeys.”

Evo: How might an organization that chooses to stay reliant on on-site hosting for all information and services be impacted in the long run?

BG: I have a somewhat controversial view on the impact of keeping everything on-premises, but I think it’s a recipe for becoming obsolete and eventually being bypassed and replaced or dismantled.

I’ve seen that in many organizations. There is often a resistance that comes from a belief that, “Nobody can do this better than we can,” or nervousness around how future roles might change.

To respond to that anxiety by simply keeping everything in-house is unlikely to be a successful strategy in the long term. At some point, there will be enough evidence that it’s clear that enough peer institutions are moving to the cloud and your institution is not making the right choices. At that point, there will be a decision-making process that will not be pleasant, to say the least.

A common Silicon Valley cliché is, “Disrupt yourself before you’re disrupted.” It’s a challenge to disrupt operations, but it’s very unpleasant to be disrupted.

Evo: Is there anything you would like to add about the importance of helping higher education institutions move forward and avoid being disrupted?

BG: The role of IT is expanding enormously in our economy and our society. IT organizations are responsible for a great deal more than ever before, and it’s a really exciting time to be involved with IT. There are tremendous opportunities to add more value and serve as a much more important partner in institutions, but it’s really important to understand what needs to happen in order to achieve that role.

Either IT organizations can move to adding more value to the institution, or they can be happy with the status quo and wind up in a “being disrupted” situation.

This interview has been edited for length.